Re: [sqlmap-users] Found a new Bug

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

hi again.

this is an annoying known python/urllib2 bug/issue (you can google:
maximum recursive basicauth) which we previously patched, but it
appears that it needed some more work.

with r3387 it should be completely "patched". tested on windows
(python 2.6.5) and linux (python 2.6.6) platforms.

kr

On Wed, Mar 2, 2011 at 11:19 AM, Miroslav Stampar
<mir...@gm...> wrote:
> thx for reporting.
>
> i've been able to reproduce it only on Windows machine (we've fixed
> the issue before but it appears that Windows needs some more fixing)
>
> on it
>
> kr
>
> On Tue, Mar 1, 2011 at 4:22 PM,  <nig...@em...> wrote:
>>
>>   Hi i tryed a simple testing with not special commands and sqlmap gets an runtime error
>>
>> Revision 3385
>> sqlmap -u "www.xxxxxxxxx.xxx/members/content.php?show=videos&section=5&videoset=1"  --auth-type=Basic --auth-cred=xxxx:xxxx --random-agent --retries=6 --level 5 --risk 3 -f -b
>>
>>  File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed
>>  self, auth_header, host, req, headers)
>>  File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed
>>  return self.retry_http_basic_auth(host, req, realm)
>>  File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth
>>  return self.parent.open(req, timeout=req.timeout)
>>  File "C:\Python26\lib\urllib2.py", line 397, in open
>>  response = meth(req, response)
>>  File "C:\Python26\lib\urllib2.py", line 510, in http_response
>>  'http', request, response, code, msg, hdrs)
>>  File "C:\Python26\lib\urllib2.py", line 429, in error
>>  result = self._call_chain(*args)
>>  File "C:\Python26\lib\urllib2.py", line 369, in _call_chain
>>  result = func(*args)
>>  File "C:\Python26\lib\urllib2.py", line 855, in http_error_401
>>  url, req, headers)
>>  File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed
>>  self, auth_header, host, req, headers)
>>  File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed
>>  return self.retry_http_basic_auth(host, req, realm)
>>  File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth
>>  return self.parent.open(req, timeout=req.timeout)
>>  File "C:\Python26\lib\urllib2.py", line 391, in open
>>  response = self._open(req, data)
>>  File "C:\Python26\lib\urllib2.py", line 409, in _open
>>  '_open', req)
>>  File "C:\Python26\lib\urllib2.py", line 369, in _call_chain
>>  result = func(*args)
>>  File "C:\Python26\lib\urllib2.py", line 1161, in http_open
>>  return self.do_open(httplib.HTTPConnection, req)
>>  File "C:\Python26\lib\urllib2.py", line 1107, in do_open
>>  h = http_class(host, timeout=req.timeout) # will parse host:port
>> RuntimeError: maximum recursion depth exceeded
>>
>> [*] shutting down at: 16:10:41
>>
>> ------------------------------------------------------------------------------
>> Free Software Download: Index, Search & Analyze Logs and other IT data in
>> Real-Time with Splunk. Collect, index and harness all the fast moving IT data
>> generated by your applications, servers and devices whether physical, virtual
>> or in the cloud. Deliver compliance at lower cost and gain new business
>> insights. http://p.sf.net/sfu/splunk-dev2dev
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>

-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B